aboutsummaryrefslogtreecommitdiff
path: root/src/SemanticScuttle/Service/CommonDescription.php
diff options
context:
space:
mode:
authorcweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>2010-01-16 12:20:53 +0000
committercweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>2010-01-16 12:20:53 +0000
commit71506db48cf7551ddc4c458804fcc302b434cc58 (patch)
treec0f8005e8a4d002250b30a202392e4957bc48518 /src/SemanticScuttle/Service/CommonDescription.php
parent180e5a0fc617d9d5a7c516842d598adee0f2e049 (diff)
downloadsemanticscuttle-71506db48cf7551ddc4c458804fcc302b434cc58.tar.gz
semanticscuttle-71506db48cf7551ddc4c458804fcc302b434cc58.tar.bz2
fix several sql injection possibilities
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@599 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'src/SemanticScuttle/Service/CommonDescription.php')
-rw-r--r--src/SemanticScuttle/Service/CommonDescription.php10
1 files changed, 5 insertions, 5 deletions
diff --git a/src/SemanticScuttle/Service/CommonDescription.php b/src/SemanticScuttle/Service/CommonDescription.php
index 39c5826..0fffd32 100644
--- a/src/SemanticScuttle/Service/CommonDescription.php
+++ b/src/SemanticScuttle/Service/CommonDescription.php
@@ -76,7 +76,7 @@ class SemanticScuttle_Service_CommonDescription extends SemanticScuttle_DbServic
$query = "SELECT *";
$query.= " FROM `". $this->getTableName() ."`";
- $query.= " WHERE tag='".$tag."'";
+ $query.= ' WHERE tag=\'' . $this->db->sql_escape($tag) . "'";
$query.= " ORDER BY cdDatetime DESC";
if (!($dbresult = & $this->db->sql_query_limit($query, 1, 0))) {
@@ -96,7 +96,7 @@ class SemanticScuttle_Service_CommonDescription extends SemanticScuttle_DbServic
function getAllTagsDescription($tag) {
$query = "SELECT *";
$query.= " FROM `". $this->getTableName() ."`";
- $query.= " WHERE tag='".$tag."'";
+ $query.= ' WHERE tag=\'' . $this->db->sql_escape($tag) . "'";
$query.= " ORDER BY cdDatetime DESC";
if (!($dbresult = & $this->db->sql_query($query))) {
@@ -112,7 +112,7 @@ class SemanticScuttle_Service_CommonDescription extends SemanticScuttle_DbServic
function getDescriptionById($cdId) {
$query = "SELECT *";
$query.= " FROM `". $this->getTableName() ."`";
- $query.= " WHERE cdId='".$cdId."'";
+ $query.= ' WHERE cdId=\'' . $this->db->sql_escape($cdId) . "'";
if (!($dbresult = & $this->db->sql_query($query))) {
message_die(GENERAL_ERROR, 'Could not get tag descriptions', '', __LINE__, __FILE__, $query, $this->db);
@@ -151,7 +151,7 @@ class SemanticScuttle_Service_CommonDescription extends SemanticScuttle_DbServic
function getLastBookmarkDescription($bHash) {
$query = "SELECT *";
$query.= " FROM `". $this->getTableName() ."`";
- $query.= " WHERE bHash='".$bHash."'";
+ $query.= ' WHERE bHash=\'' . $this->db->sql_escape($bHash) . "'";
$query.= " ORDER BY cdDatetime DESC";
if (!($dbresult = & $this->db->sql_query_limit($query, 1, 0))) {
@@ -171,7 +171,7 @@ class SemanticScuttle_Service_CommonDescription extends SemanticScuttle_DbServic
function getAllBookmarksDescription($bHash) {
$query = "SELECT *";
$query.= " FROM `". $this->getTableName() ."`";
- $query.= " WHERE bHash='".$bHash."'";
+ $query.= ' WHERE bHash=\'' . $this->db->sql_escape($bHash) . "'";
$query.= " ORDER BY cdDatetime DESC";
if (!($dbresult = & $this->db->sql_query($query))) {